DE102004018367A1 - Privacy-compliant Radio Frequency Identification (RFID) system through owner-controlled RFID tag functionality - Google Patents

Abstract

RFID tag with a means for sending and receiving messages from a reader (Reader) with the special property of performing functions in response to
- The reader proves the knowledge of a password or
- an internal state allows the execution,
wherein the password and the internal state can be changed by at least one function at a time.

Description

The Application relates to an extension of the functionality of so-called RFID (Radio Frequency Identification) systems.

RFID tags and the necessary infrastructure, such as Readers are The prior art has long been known and become, for example for marking objects used. RFID tags usually have a transmitting and receiving device on, with them u.a. a marking (identification number) transferred to a reader (Reader) can and other functions called by the reader (called) as soon as possible an RFID tag is within its sphere of influence.

The Labeling is used to identify the tags and thus of the tag connected object.

In In the near future, these tags will be the barcodes used so far to replace consumer products to all logistics processes as well as the Simplify processes in the supermarket. For example, self-service funds planned, because the contents of a shopping cart complete in one step can be scanned.

The Invention addresses the privacy issue of this technology: Since every RFID tag should carry a unique serial number, can the way of every consumer product - with it Every single object is meant - unnoticed and even after Leaving the supermarket to be read out. Thereby humans are can be tracked by these serial numbers and can also with respect to all entrained Products (such as clothing) are scanned by anyone. Should this data, which is at least to be feared, collected and with Help will be stored and evaluated by databases from privacy advocates and privacy activists fear Scenario of the "Transparent Man" Reality.

So far The industry only implements this vision with a so-called kill function contrary, with the tags final can be disabled. Unfortunately, the final prevents Disabling the RFID tags a number of applications. Especially Applications are affected, which are usually only after the purchase of a product, such as an intelligent one Washing machine, which wash temperature and program based on the inserted clothes automatically determined. RFID tags, which provide such a kill function, are in the Specifications Version 1.0 of the EPC Global (http://epcglobalinc.org/standards_technologie/specifications.html) described.

The Invention solves the described privacy problem of the previous RFID technology and allows in contrast to the known Killfunktion at the same time a further use the technology for intelligent, possibly networked devices with an RFID tag according to the features of claim 1, a reader according to the features of the claim 29 and a method according to the features of claim 42. Advantageous Embodiments result from the dependent claims.

The Invention extends the functionality of the tags by the possibility for dynamic activation, deactivation or restriction of the (Identification) functionality the RFID tags.

Concrete is meant that decided on the basis of an internal state which functions an RFID tag performs to what extent, if a particular request from the reader is received. Especially a state should be provided in which the RFID tag none of Internally stored data, usually a Enable identification, outputs.

However, in every state, the RFID tag should fulfill the communication protocols valid between reader and RFID tag to the extent that the transmission and reception of data and commands is possible. For example, an RFID tag must signal its presence to a reader and participate in a so-called singulation or anti-collusion protocol in order to be able to receive individual commands at all. In the above ERC Global Specifications, an anti-collusion protocol is presented which manages without using the stored identifying data. In DE10161302 Anti-collusion protocols are proposed that are based on regularly re-generated random numbers rather than identifying data.

Of the Inventive RFID tags Represents a function to change of the internal state available. This function is only executed after the function calling readers the knowledge of a secret date, one on detected by the RFID tag. The secret Date will be referred to as a password below. The detection function is referred to as verification in the following.

The RFID tag according to the invention provides a rewritable nonvolatile storage space for storing the password. The first password can be set in an advantageous manner during the manufacturing process of the tag or when connecting the product to the RFID tag. Ideally, the enrollment of the password should be done together with the enrollment of the identification data, as both should be sent along with the product in every step of the logistics chain.

Two advantageous forms of password verification are disclosed in the RFID systems according to the invention:
In the first version, the password is sent from the reader to the RFID tag for verification. The advantage of this method of verification is a very simple implementation on the RFID tag. Only a comparison function of the stored password with the obtained password is required. The disadvantage is that the password can be determined by other devices by listening to the radio communication.

In a second expression stands both in the RFID tag and in the reader a means (a function) to disposal, which combines the password and another value to a test value. In addition, the RFID tag has a means for generating a random value (Random value) available. The expression the means for generating the random value is arbitrary. For example For example, a noise source can be used with a sampling circuit or to an individually assigned initial value during production repeatedly a hash function will be applied and the random sequence be formed from parts of the respective intermediate values.

The Means for calculating the test value can be realized arbitrarily. Ideal would be a cryptographically secure One-way function or a symmetric encryption function, where one the input values as a key would be used because so the inversion of the function or the determination of an unknown third throw with knowledge of the other two is difficult or impossible. The implementation options of the means also include the possibility to perform the calculation only on the basis of an input value, where either only the password is used or any other Means is used to combine the input values. The realization options the agent also includes the possibility of calculating Basis of more than two input values. The realization options the agent also includes the ability to have more than one output value to calculate.

In this expression For verification, the RFID tag generates a random number first stores them in any memory and sends the random number also to the reader. The reader uses the means of production the test value being as input the password and the received random number used becomes. The test value the reader sends to the RFID tag. The RFID tag calculates one second test value based on the stored password and the stored random number and compares both test values. If both test values match, the function protected by the verification is executed. alternative the agent on the RFID tag can also reverse the calculation, ie from the test value and calculate one input value from the other and compare it. The advantage of the second expression Verification is the security against eavesdropping, Disadvantage the higher circuit engineering complexity of the day.

The Security of the procedure, ie the protection against the determinability the password by third party depends on the cryptographic Goodness of By means of the test value calculation (how hard is the reversal of the one-way function or the determination of the unknown value), the cryptographic goodness of the random number generator and the length the used bit sequences for Password, random value and test value.

Of Furthermore, an RFID tag according to the invention provides a means (a Function) for changing the password ready. This function is only after one successful verification of the previous password. there the new password is transferred from the reader to the RFID tag.

Two advantageous features for the transmission of a password from the reader to the RFID tag of the RFID systems according to the invention are disclosed:
In the first form of password transmission, the new password is sent from the reader to the RFID tag. The advantage of this embodiment of the invention is the ease of implementation on the RFID tag. The downside is the possibility of listening through another device.

In the second advantageous embodiment of the password transmission, a means is available both in the RFID tag and in the reader, which can calculate a third from two input values. This means can be realized arbitrarily, whereby the calculation must be so far reversible that there exists a means which can calculate the second input value from one of the input values and the output value. Examples of such means are any symmetric encryption functions or the bitwise XOR overlay of the two input values. The realization options of the means also include the possibility of performing the calculation on the basis of more than two input values. The implementation options of the funds also include the possibility of more than to calculate an output value.

Of the Advantage of this expression The invention is the higher Privacy, Disadvantage the higher circuit engineering complexity of the day. The security of the method is of cryptographic good quality used Medium and of length dependent on the values used, the simple bitwise XOR overlay (One-time pad) already provides maximum security and thus optimal is.

In order to the password or the state of the tag can be changed, it is for the current owner one day necessary to know the respective password.

In The above EPC Global specification is proposed to everyone RFID tag to give an individual password. Ideally should these passwords handed over to the current owner on the way to the supermarket be transferred directly from the manufacturer to the respective supermarket become. The invention does not want to solve this problem since already for the kill function the transmission a similar one Password is necessary, which can be used for this purpose.

in the Contrary to the previous solution based on the kill function, the password is at or after the supermarket checkout handed over to the customer. Thereby receives the customer the complete control over the functionality his tags.

By change the password takes over respective owners have sole control over the functionality of one RFID tags since the previous owners now have a wrong password in your databases.

The The invention also relates to an advantageous method for changing the passwords which solves the problem, the tag that is in a disabled state is not can be identified and thus their password can not be determined.

The advantageous procedure involves having one owner all in his Owned tags the same password. First afterwards or at the same time the deactivation takes place.

Ideally This procedure should already be carried out at the supermarket checkout.

• 1. Der bisherige Besitzer ändert das Passwort der zu übergebendes Tags auf einen zufällig gewählten Wert. Bei Übergabe des Objektes teilt der alte Besitzer dem neuen Besitzer das verwendete Passwort mit.
• 2. Der neue Besitzer führt möglichst außerhalb der Funk-Reichweite (in seinem Vertrauensbereich) eine zweite Passwortänderung durch, wobei der Besitzer üblicherweise ein gemeinsames Passwort für alle seine Tags verwendet.

The change of the owner of a tag, for example at the cash register of a supermarket, should be done in two steps:

• 1. The previous owner changes the password of the tags to be given to a random value. When the object is handed over, the old owner notifies the new owner of the password used.
• 2. The new owner makes a second password change, if possible outside of the radio range (in his trusted area), whereby the owner usually uses a common password for all his tags.

• 1. Wahl eines zufälligen Wertes als neues Passwort durch den Reader.
• 2. Auslesen der Identifikation eines Tags
• 3. Ändern des Passwortes des Tags auf den neuen Wert, das jeweilig notwendige bisherige Passwort erhält der Reader durch Abfrage einer Datenbank, beispielsweise der Produkt-Bestandsdatenbank des Supermarktes.
• 4. Deaktivieren des Tags.
• 5. Wenn weitere Tags vorhanden sind, fortfahren mit Schritt 2.
• 6. Übergabe des Passwortes für diesen Einkauf an den neuen Besitzer der Produkte, beispielsweise durch Drucken auf den Kassenzettel oder durch übertragen an ein sich im Besitz des Kunden befindliches Gerät (z.B. Chipkarte)

An advantageous step sequence at the supermarket checkout is:

• 1. Selection of a random value as a new password by the reader.
• 2. Reading out the identification of a tag
• 3. Changing the password of the tag to the new value, the respective required previous password receives the reader by querying a database, for example, the product inventory database of the supermarket.
• 4. Disable the tag.
• 5. If there are more tags, go to step 2.
• 6. Passing the password for this purchase to the new owner of the products, for example by printing on the receipt or by transferring to a device in the possession of the customer (eg chip card)

In order to all owned / person tags same password should be included, the password change by a reader in the Confidence of the person to be repeated.

there can be a similar one Step sequence are used, with the difference that step 1 performed only once and once in the device saved password for all tags is used. The previous password, necessary in step 3 is the user through step 6 previous password change to disposal and may have to be transmitted to the reader become. Step 6 falls path.

• 1. Übertragen an irgend ein elektronisches Gerät im Besitz des Kunden (z.B. Handy).
• 2. Direkt übertragen (senden) an das Haussystem des Kunden (insbesondere für Fernabsatz/Internet-Bestellung)
• 3. Drucken auf den Kassenzettel: Die dritte Möglichkeit könnte in der Ausbauphase besonders wichtig, sein, wenn nur wenige Kunden intelligente Haushaltsgeräte haben. Man könnte sozusagen wichtige Tags nachträglich migrieren, wenn ein solches Gerät angeschafft wurde. Andererseits ist Einkaufen so auch ohne das elektronische Gerät möglich, welches die Passwörter speichert.

There are three ways in which the intermediate password can be communicated to the user:

• 1. Transferring to any electronic device owned by the customer (eg mobile phone).
• 2. Directly transmit (send) to the customer's home system (especially for distance sales / Internet ordering)
• 3. Printing on the receipt: The third option could be particularly important in the expansion phase, when only a few customers have smart home appliances. You could, so to speak, migrate important tags retroactively if such a device was purchased. On the other hand, shopping is possible without the electronic device storing the passwords.

In a further advantageous embodiment of the invention takes place the owner change only by handover the previous password. This possibility is possibly u.U. at the supermarket checkout workable as the tags in making an individual password get assigned. For the transfer from one trust to another is this Approach but not recommended, as the new owner in this case the common password of all RFID tags of the previous one Owner would have to be notified.

The described privacy problems of RFID technology, which all processes after leaving the supermarket relate, by the invention solved, since deactivated tags only identify themselves to authorized scanners.

• – Vollständige Anonymisierung: Ein unverifizierter Reader erhält keinen Teil der Kennzeichnung, d.h. der RFID-Tag ist nicht identifizierbar.
• – Anonymisierung der Seriennummer: RFID-Tags können so verwendet werden, dass sie eine EPC (Electronic Product Code) ausgeben, der aus einer Produktkennung und einer Seriennummer des einzelnen Objektes besteht. In dieser Ausprägung würde nur die Produktkennung ausgegeben. Welches konkrete Objekt des Produktes vorliegt, bleibt verborgen.
• – Anonymisierung der Identifikationsnummer aber Offenlegung anderer Informationen: Die Ausgabe der Identifikationsnummer wird auf verifizierte Reader beschränkt, aber beliebige andere Informationen die in einer Ausprägung der Erfindung von einem verifizierten Reader geändert werden können, abrufbar über zusätzliche Funktionen, werden allgemein zur Verfügung gestellt. Dies ermöglicht beispielsweise Recycling-Informationen über die chemischen Bestandteile lesbar zu gestalten oder für Information für Rücknahmeautomaten pfandpflichtiger Verpackungen.

Due to the password-based possibility of restricting access to the tag functionality, it is achieved, among other things, that an RFID tag can only be completely controlled by verified readers. By changing the password, the control of the tag can be limited to the current owner. In addition, the owner can limit the access of unauthorized arbitrarily. The following exemplary restrictions would be conceivable:

• - Complete anonymization: An unverified reader does not receive any part of the label, ie the RFID tag is not identifiable.
• - Anonymization of the serial number: RFID tags can be used to output an EPC (Electronic Product Code) consisting of a product identifier and a serial number of the individual object. In this form, only the product identifier would be output. Which concrete object of the product exists remains hidden.
• - Anonymization of the identification number but disclosure of other information: The issuance of the identification number is restricted to verified readers, but any other information that can be changed in one form of the invention by a verified reader, retrievable via additional functions, are generally provided. This makes it possible, for example, to make recycling information on the chemical components readable or for information for automatic reverse vending machines subject to a deposit.

A further advantageous form The invention provides a means of which consists of two input values a test value calculated. examples for the realization of such a means is a cryptographic Hash function (one-way function) or a symmetric encryption function. With the help of a challenge response Process and with the participation of the RFID tag or product manufacturer the authenticity of the tag and thus, under restrictions, the authenticity of the tag Product to be checked.

background the expression the invention is the fact that it is easily possible to produce freely programmable tags - from production technology establish likely even almost all RFID tags without a specific identification number be made and this instead only on the product the first and final Programming received. RFID tags without verifiable identification number therefore become counterfeit products rather facilitate rather than complicate.

For this shaping must in the RFID tag according to the invention next to the password another secret value will be stored, which may be stored in a non-rewritable memory. In addition, in the computer system of the product or RFID tag manufacturer a means may be provided for calculating the mean in the RFID tag repeat or reverse. In addition, the reader requires i.d.R. a Online connection to the computer system of the manufacturer. The manufacturer also needs a Database containing at least the identification number for each RFID tag and stores the secret value also stored in the RFID tag.

In an expression of the claimed method the reader gives the RFID tag a random value. The RFID tag is calculated with the help of the means the test value, where the random number and the secret value stored in the RFID tag be used as input. The test value is sent back to the reader. The reader sends the combination of RFID tag identification data, Random value and test value to the manufacturer. The manufacturer checks the correctness with the help its agent and the secret stored in its database Value for the requested RFID tag. Depending on the characteristics of the By means of two of the three values (random value, test value and secret value of the tag) used as input values and the result with the third value compared. The manufacturer registers the result of the comparison the reader.

In another advantageous embodiment of the method receives the reader already in advance one or more valid combination of random value and check value for one specific RFID tag. The review of Authenticity of the tag can then be done locally without having an online connection would be necessary by passing the random value obtained in the combination to the RFID tag is sent and the answer of the tag compared with the test value becomes.

• – Funktion zum Verifizieren (Senden des Passwortes bzw. Durchführen des Challenge-Response Verfahrens und der entsprechenden Mittel zum Nachweis der Kenntnis des Passwortes
• – Aufrufen von Funktion nach Verifikation des Passwortes
• – Funktion zum Ändern des Zustandes
• – Funktion zum Ändern des Passwortes
• – Methode das gemeinsame Passwort zu speichern und nur an bekannte vertrauenswürdige andere Geräte weiterzugeben
• – Methode neue RFID-Tags unter Angabe der jeweiligen Passwörter durch Änderung der Passwörter auf das gemeinsame Passwort in Besitz zu nehmen.

Components of the application are also (networked) readers with the following special functionalities:

• - Function for verifying (sending the password or performing the challenge-response method and the corresponding means for proving the knowledge of the password
• - call function after verification of the password
• - Function for changing the state
• - Function for changing the password
• - Method to store the shared password and pass it on only to known trusted other devices
• - Method new RFID tags by stating the respective passwords by changing the passwords to take the common password in possession.

Claims (45)

RFID tag with a means of sending and receiving messages from a reader (Reader) with the special feature to perform functions depending on that - the reader the knowledge a password proves or - an internal state the execution allowed where the password and the internal state by at least one function each changed can be. RFID tag according to claim 1, wherein a rewritable Memory is provided for storing a password. RFID tag according to claim 2, wherein a means for Comparing two values is provided. RFID tag according to claim 3, which claims the means of claim 3 uses a received value with the saved password to compare. RFID tag according to claim 3; with that still a means is provided for generating random values. An RFID tag according to claim 5, further comprising means to calculate one or more test values from at least two Input values is provided. RFID tag according to claim 6, wherein a challenge response Function for comparing the password is provided. RFID tag according to claim 5, wherein a volatile or non-volatile rewritable memory for latching a random number (Claim 5) is provided. RFID tag according to claim 8, wherein a request of the Readers to compare the password with the buffers (Claim 8) and sending a generated with the means of claim 5 Random number is answered. RFID tag according to claim 9, wherein the response to the transmission (claim 9) is compared with the result of The means of claim 6, wherein the values from the memory of the random number (Claim 8) and from the memory of the password (claim 2) as Input can be used. RFID tag according to claim 9, wherein the response to the sending (claim 9) the value from the memory of the password (Claim 2) as input for the means of claim 6 is used and the result of the calculation of the random number means (claim 8) by means of the means Claim 3 is compared. RFID tag according to claim 4, 10 or 11 in the case of a positive outcome of the comparison the password verification otherwise than unsuccessful. RFID tag according to claim 1, wherein a memory for Storing of identification data is provided. RFID tag according to claim 13, wherein a means for Sending out parts of the identification data (claim 13) provided is. An RFID tag according to claim 14, wherein a memory is provided for storing a state that determines whether and what parts of the identification data (claim 13) output be allowed to. RFID tag according to claim 14 and 15, wherein the function for transmitting parts of the identification data (claim 14), dependent of the state (claim 15) is executed. RFID tag according to claim 12 and 14, wherein the emitting the identification data (claim 14) is performed only if a previous password verification was successful (claim 12), in the case of success, the identification data sent out completely become. RFID tag according to claim 16 and 17, wherein the transmission of parts of the identification number either according to the conditions according to claim 16 or according to the conditions of claim 17. The RFID tag according to claim 12 and 15, wherein a function for changing the state from An Claim 15 is provided, which is performed only after a successful password verification (claim 12). RFID tag according to claim 2, wherein a means for calculate a new password from two input values, one received Value and the value from the memory of the password (claim 2) provided is. RFID tag according to claim 2, wherein the new password is received directly. RFID tag according to claim 20 or 21, wherein a possibility to change the password is provided by the means of claim 20 or directly received password (claim 21) in the memory is stored from claim 2. An RFID tag according to claim 22, wherein the function to change of the password (claim 22) is performed only if a previous one Password verification (claim 12) was successful. RFID tag with the special property that the Authenticity of the identification data sent by an RFID tag (e.g., that of claim 13) verified with the assistance of the manufacturer can be. The RFID tag of claim 24, wherein a non-volatile and non-rewritable or rewritable memory is provided for storing a Verifikationswertes. An RFID tag according to claim 25, wherein a means is provided is, which determines a test value from two input values. RFID tag according to claim 26, wherein a challenge response Function for verifying the identification data (claim 13) is provided. An RFID tag according to claim 27, wherein a function for verifying the identification data (claim 13) is by a received value and the verification value (claim 25) is used as input of the means of claim 26 and the result is sent out. device (Reader) with means for communicating with RFID tags according to claims 1-28, with the special features the knowledge of a stored in the RFID tag Password (claim 2) prove stored data (claim 13), change the state of the tag and the password of the Change tags to be able to. A reader according to claim 29, wherein a memory for Storing a password is provided. 31. Reader according to claim 30, in which a means for calculating a test value is provided, wherein this means realizes the same or the reverse calculation as the agent of claim 6. A reader according to claim 30, wherein a function for Sending the password is provided. A reader according to claim 31, wherein a function is provided is that a random value received and the password (claim 30) as input for used the means of claim 31 and the result to an RFID tag dispatches. Reader according to claim 32 or 33, wherein a function for querying the identification data of an RFID tag (claim 13) after verification of the password (claim 32 or 33) is. Reader according to claim 32 or 33, wherein a function to change of the state on the RFID tag (Claim 15,19) after verifying the password (claim 32 and 33) is provided. Reader according to claim 32 or 33, wherein a function to change the password on the RFID tag (Claim 5) after verification of the previous password (claim 32 or 33) is provided, with the new password in plain text is sent or with the help of a means from the previous and the new password a test value calculated and sent to the RFID tag. Method of a reader according to claim 29 for verification the identification value of an RFID tag (claims 13), wherein the reader is a random number to the RFID tag and the received response (check value), the random number and sends the identification value to the manufacturer of the product, which carries the RFID tag. The manufacturer responds with "true" when the verification was successful. The method of claim 37, wherein the reader in advance a valid one Combination of random value and test value for an identification value asked by the manufacturer and the answer of the tag with the combination contained test value compares. Database of a product manufacturer according to claim 37 or 38 with the special property, to the identification values (Claim 13) of all products also the verification values To store (claim 25). A method of the database of a product manufacturer according to claim 39, wherein a function is provided, the request for identification test the number, random number, and RFID-tagged answer for correctness and submit the result to the requesting party. For this purpose, a means is used which calculates a test value from the received random value and the verification value. The method of claim 40, wherein provided Combinations of identification value, random number and test value with Help of means for generating random numbers and means to create from claim 40. Procedure for changing a password stored on an RFID tag according to claims 1-23, wherein a reader first proves the knowledge of the previous password (Claim 32 or 33) and then the new password accordingly Claim 36 transmitted. The method of claim 42 for changing the passwords of all within a period of a reader contacted RFID tags claims 1-23 on a shared password, which is either given or at the beginning of the method is chosen randomly. common password can be controlled. Method according to claim 42 for changing the owner one or more RFID tags according to claims 1-23, wherein twice per RFID tag a password change is carried out according to claim 42, being a random one elected Intermediate password is used. RFID tag according to claims 1-23 with the special property that functions are provided which only in certain states (claim 15) or after verification of the password (claim 12) are executed. RFID tag according to claims 1-23 with the special property that extra Memory are provided which only in certain states (claim 15) or after verification of the password (claim 12) accessed can be.